Security Tokens <Video>
A security token is an automatically generated key that you must add to the end of your password in order to log in to Advologix and the Force.com platform from an untrusted network.
You are offered a security token if you try to access Advologix and the Force.com platform from an untrusted network. Once you have been issued a security token, you have the option to reset this security token at any time.
Tip: We recommend that you obtain your security token using the user interface from a trusted network prior to attempting to access Advologix and the Force.com platform from a new IP address.
For example, if your password is mypassword, and your security token is XXXXXXXXXX, then you must enter mypasswordXXXXXXXXXX to log in.
Security tokens are required whether you log in via the API or a desktop client such as the Data Loader.
Security Token Reset Confirmation Page
Some Common Security Token Questions answered:
Q: Is a security token on a per user basis or on a per company/account basis?
A: A security token is on a per user basis. Resetting / Generating a security token is done for a specific user and only that user, API integration of that user / 3rd party applications that use this user's credentials will be affected by it.
Q: If I reset my username’s security token, does that impact other users security tokens?
A: No. Since it is only affecting the user that reset the token - other users will not be affected.
Q: Our company uses a VPN which allows me to login to SF from home. Why do I need a security token at all?
A: A VPN is used to mask your IP to one that is used by your company / organization as a trusted IP. If your organization defined a trusted IP Range than a security token is not necessary. However - a user might choose to use a security token in addition to being in the trusted IP Range.
Q: When I go to setup > my personal information I do not see anything related to security tokens at all. Why?
A: There are a few reasons why this option is not available in the navigation pane. Note this would also cause a security token to NOT be received via email upon reset of the user's password:
- SSO is enabled for the org: If SSO is enabled, security tokens are not used, so it would not be available as an option.
- IP Restrictions are enabled for the Profile: This also would result in the disablement of the Security Token.
- The User's Profile is corrupted: If neither of the above options are true/apply, try editing the profile and then saving it without making any changes at all. This will "reset" the profile, and might result in the token option being available.
- ID confirmation may have been disabled or if re-enabled a permission was not set correctly. Please have salesforce.com customer support ensure that the appropriate permissions are active on your Org.
Q: Is there a way to see which users are using a security token to login to the org?
A: You can view the login history to the org and note which IPs are not in the IP Range. This will give an indication of which users are using a security token.
Note that it won't show which users are within the trusted IP range but also use a security token.